package jdbc;

import java.sql.*;

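/**
 * Login demo that uses a precompiled (parameterized) SQL statement to prevent
 * SQL injection attacks.
 *
 * <p>The username and password reach the database only through {@code ?}
 * placeholders, so they are bound as values: quotes or SQL keywords typed by the
 * user cannot change the structure of the query.
 *
 * <p>NOTE(review): the query compares the submitted password directly with the
 * {@code password} column, which suggests passwords are stored as entered;
 * confirm against the schema. Parameter binding does not protect stored
 * credentials. Prefer storing a salted, slow hash (bcrypt/scrypt/Argon2) and
 * verifying it in application code.
 */
public class JDBCDemo8 {

    /**
     * Login lookup with two bound parameters: 1 = username, 2 = password.
     *
     * <p>NOTE(review): only {@code nickname} is read from the result; the
     * {@code password} column does not need to be returned to the client and
     * could be dropped from the select list.
     */
    private static final String LOGIN_SQL =
            " SELECT id,username,password,nickname,age " +
            " FROM userinfo " +
            " WHERE username = ? AND password = ? ";

    /**
     * Collects login input, looks up a matching row and prints the outcome.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // presumably prompts on the console and fills in username/password; see InputUtil
        LoginUserInfo loginUserInfo = InputUtil.getInputObject(new LoginUserInfo(), "欢迎登录");

        // The statement is opened in try-with-resources so it is closed explicitly
        // on every path instead of relying on the connection close to release it.
        try (Connection conn = DBUtil.getConnection();
             PreparedStatement ps = conn.prepareStatement(LOGIN_SQL)) {
            // Never concatenate these values into the SQL text; bind them.
            ps.setString(1, loginUserInfo.getUsername());
            ps.setString(2, loginUserInfo.getPassword());

            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    String nickname = rs.getString("nickname");
                    System.out.println("登录成功！欢迎您，" + nickname);
                } else {
                    // One message for "unknown user" and "wrong password", so the
                    // response does not reveal which usernames exist.
                    System.out.println("登录失败！用户名或密码不正确");
                }
            }
        } catch (SQLException e) {
            // Acceptable for a demo. In a real application send this to a logger
            // rather than the user's console: driver messages can expose schema
            // and connection details.
            e.printStackTrace();
        }
    }
}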
